🌟 Create S3 Buckets with Terraform

Welcome to a guide on automating the creation of AWS S3 buckets with Terraform! The configuration below creates an IAM user with S3 permissions, a main bucket with versioning, server-side encryption, access logging and lifecycle rules, and a separate bucket that receives the access logs. Each resource and configuration step is broken down below.


🛠️ Prerequisites

💻 Ensure you have Terraform installed on your system. Check the Terraform installation guide if you’re unsure.

🚨 Important: Never hardcode your AWS credentials in Terraform files! Use environment variables or AWS Secrets Manager to enhance security.


🚀 Terraform Configuration

🗺️ 1. AWS Provider Configuration

provider "aws" {
  region = "ap-northeast-1"
  # No access_key / secret_key here: the provider reads credentials from the
  # AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY environment variables, the shared
  # credentials file (AWS_PROFILE), or an attached IAM role, so no secret is
  # ever committed with this file. The resources below need AWS provider v4+.
}

💡 What is an IAM user? An IAM user in AWS allows you to securely access and manage your AWS resources without using the root user account. This protects your root account from potential security breaches.


👤 2. IAM User Creation

resource "aws_iam_user" "example_user" {
  name = "example-user"
}

🛡️ 3. IAM Policy

resource "aws_iam_user_policy" "s3_full_access" {
  name   = "s3-full-access-policy"
  user   = aws_iam_user.example_user.name
  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Action   = "s3:*",
        Effect   = "Allow",
        Resource = [
          "arn:aws:s3:::my-example-bucket-1-demo",
          "arn:aws:s3:::my-example-bucket-1-demo/*",
          "arn:aws:s3:::my-unique-log-bucket-12345",
          "arn:aws:s3:::my-unique-log-bucket-12345/*"
        ],
      }
    ]
  })
}

📜 Policy Notes: This grants the IAM user full access to the specified buckets. Adjust permissions for production environments to adhere to the principle of least privilege.
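As an added example (not part of the original guide), here is what the least-privilege adjustment recommended above can look like: a replacement for aws_iam_user_policy.s3_full_access that grants only the actions a user of the main bucket needs, and read-only access to the "log/" prefix of the log bucket. The resource name s3_scoped_access and the chosen action set are assumptions for illustration; the bucket and user names are the page's own.

```hcl
# Added example: a scoped replacement for aws_iam_user_policy.s3_full_access.
# Bucket-level actions (ListBucket) apply to the bucket ARN, object-level
# actions (Get/Put/DeleteObject) apply to "<bucket ARN>/*", so the two are
# split into separate statements instead of one "s3:*" grant.
resource "aws_iam_user_policy" "s3_scoped_access" {
  name = "s3-scoped-access-policy"
  user = aws_iam_user.example_user.name

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid      = "ListMainBucket"
        Effect   = "Allow"
        Action   = ["s3:ListBucket", "s3:GetBucketLocation"]
        Resource = aws_s3_bucket.example.arn
      },
      {
        Sid      = "ReadWriteMainObjects"
        Effect   = "Allow"
        Action   = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
        Resource = "${aws_s3_bucket.example.arn}/*"
      },
      {
        # Listing the log bucket is allowed only under the "log/" prefix that
        # the access-logging configuration writes to.
        Sid      = "ListLogPrefix"
        Effect   = "Allow"
        Action   = "s3:ListBucket"
        Resource = aws_s3_bucket.log_bucket.arn
        Condition = {
          StringLike = { "s3:prefix" = ["log/*"] }
        }
      },
      {
        Sid      = "ReadLogObjects"
        Effect   = "Allow"
        Action   = "s3:GetObject"
        Resource = "${aws_s3_bucket.log_bucket.arn}/log/*"
      }
    ]
  })
}
```

Because the policy references the bucket resources' ARNs rather than hard-coded strings, renaming a bucket later cannot leave the policy pointing at the wrong resource. Apply it in place of the s3_full_access policy rather than alongside it, otherwise the broader grant still applies.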


🪵 4. Logging Bucket

resource "aws_s3_bucket" "log_bucket" {
  bucket = "my-unique-log-bucket-12345"
  # No acl argument: it is deprecated in AWS provider v4+ and new buckets have
  # ACLs disabled, so the bucket is private unless a policy grants access.

  tags = {
    Name        = "LogBucket"
    Environment = "Dev"
  }
}

📦 5. Main S3 Bucket

resource "aws_s3_bucket" "example" {
  bucket = "my-example-bucket-1-demo"
  # acl argument omitted: deprecated in AWS provider v4+, and new buckets
  # have ACLs disabled by default.

  tags = {
    Name        = "MyExampleBucket"
    Environment = "Dev"
  }
}
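An added example (not from the original guide) that makes the "private" intent of both buckets explicit with the current S3 controls instead of the legacy acl argument: Object Ownership set to BucketOwnerEnforced disables ACLs completely, and a public access block rejects any public ACL or public bucket policy even if one is attached later by mistake. The resource names and the for_each map keys ("main", "logs") are assumptions.

```hcl
# Added example: private-by-default settings applied to both of the page's
# buckets. The map keys are static so for_each can be planned before the
# bucket IDs are known.
locals {
  private_buckets = {
    main = aws_s3_bucket.example.id
    logs = aws_s3_bucket.log_bucket.id
  }
}

# BucketOwnerEnforced turns ACLs off entirely: every object is owned by the
# bucket owner and access is decided by IAM and bucket policies alone.
resource "aws_s3_bucket_ownership_controls" "private" {
  for_each = local.private_buckets

  bucket = each.value

  rule {
    object_ownership = "BucketOwnerEnforced"
  }
}

# All four switches on: public ACLs and public policies are both blocked at
# creation time and ignored if they somehow already exist.
resource "aws_s3_bucket_public_access_block" "private" {
  for_each = local.private_buckets

  bucket = each.value

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```

The bucket policy in step 10 names a single IAM user as principal, so block_public_policy does not interfere with it; it only rejects policies whose principal is "*" without a restricting condition.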

🔄 6. Bucket Versioning

resource "aws_s3_bucket_versioning" "example" {
  bucket = aws_s3_bucket.example.bucket
  versioning_configuration {
    status = "Enabled"
  }
}

💡 Why Enable Versioning? Versioning helps keep track of all changes made to your objects, offering a safeguard against accidental deletions or overwrites.


🔐 7. Server-Side Encryption

resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
  bucket = aws_s3_bucket.example.bucket

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

📜 8. Bucket Logging

resource "aws_s3_bucket_logging" "example" {
  bucket        = aws_s3_bucket.example.bucket
  target_bucket = aws_s3_bucket.log_bucket.bucket
  target_prefix = "log/"
}

🔍 Security Warning: Ensure logging permissions are correctly configured to avoid unauthorized access to logs.
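The permission the warning above refers to, as an added example that is not part of the original guide: with ACLs disabled, S3 can only deliver access logs if the log bucket's own policy allows the logging service principal to write there. The statement below grants exactly that, and the two conditions pin delivery to this account and to the main bucket, so no other bucket (including one in another account) can write into the "log/" prefix. The resource name log_bucket and the data source name current are assumptions.

```hcl
# Added example: grant the S3 server access logging service write access to
# the log bucket, scoped to the prefix used by aws_s3_bucket_logging.example.
data "aws_caller_identity" "current" {}

resource "aws_s3_bucket_policy" "log_bucket" {
  bucket = aws_s3_bucket.log_bucket.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = "S3ServerAccessLogsPolicy"
        Effect = "Allow"
        Principal = {
          Service = "logging.s3.amazonaws.com"
        }
        Action   = "s3:PutObject"
        Resource = "${aws_s3_bucket.log_bucket.arn}/log/*"
        Condition = {
          # Only log deliveries originating from this account ...
          StringEquals = {
            "aws:SourceAccount" = data.aws_caller_identity.current.account_id
          }
          # ... and only for the main bucket, not any bucket in the account.
          ArnLike = {
            "aws:SourceArn" = aws_s3_bucket.example.arn
          }
        }
      }
    ]
  })
}
```

S3 validates the target bucket's permissions when the logging configuration is created, so add depends_on = [aws_s3_bucket_policy.log_bucket] to aws_s3_bucket_logging.example; otherwise the first apply can fail because Terraform has no other reason to order the two resources.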


🕒 9. Lifecycle Configuration

resource "aws_s3_bucket_lifecycle_configuration" "example" {
  bucket = aws_s3_bucket.example.bucket

  rule {
    id     = "example-rule"
    status = "Enabled"

    # An empty filter makes the rule apply to every object in the bucket;
    # without a filter or prefix some provider versions reject the rule.
    filter {}

    # Delete objects a year after creation ...
    expiration {
      days = 365
    }

    # ... and move them to Infrequent Access after 30 days, which is the
    # minimum age S3 accepts for a STANDARD_IA transition.
    transition {
      days          = 30
      storage_class = "STANDARD_IA"
    }
  }
}

📆 Lifecycle Tips: Use lifecycle policies to optimize storage costs by transitioning older data to cheaper storage classes.
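An added example (not from the original guide) that goes one step beyond the rule above: on a versioned bucket the current-object rule alone leaves two cost sinks untouched, the noncurrent versions that versioning keeps after every overwrite or delete, and multipart uploads that were started but never completed. This configuration handles both. It replaces aws_s3_bucket_lifecycle_configuration.example, since a bucket holds a single lifecycle configuration; the resource name example_versioned and the day counts are assumptions.

```hcl
# Added example: lifecycle rules for a versioned bucket. Replaces the page's
# aws_s3_bucket_lifecycle_configuration.example rather than being added to it.
resource "aws_s3_bucket_lifecycle_configuration" "example_versioned" {
  bucket = aws_s3_bucket.example.id

  # Noncurrent-version rules only make sense once versioning is enabled.
  depends_on = [aws_s3_bucket_versioning.example]

  rule {
    id     = "current-and-noncurrent-versions"
    status = "Enabled"

    filter {} # applies to every object in the bucket

    # Current versions: Infrequent Access after 30 days, deleted after a year.
    transition {
      days          = 30
      storage_class = "STANDARD_IA"
    }

    expiration {
      days = 365
    }

    # Old versions are retained by versioning and still billed at full price:
    # move them to Glacier Instant Retrieval after 30 days and delete them
    # after 90 days of being superseded.
    noncurrent_version_transition {
      noncurrent_days = 30
      storage_class   = "GLACIER_IR"
    }

    noncurrent_version_expiration {
      noncurrent_days = 90
    }

    # Abandoned multipart uploads are invisible to ordinary listings but are
    # charged for until they are aborted.
    abort_incomplete_multipart_upload {
      days_after_initiation = 7
    }
  }
}
```

Pick the noncurrent_days value to match how long you need to be able to roll back an accidental overwrite; that window, not the current-version expiration, is what versioning's safety net actually covers.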


🔒 10. Bucket Policy

resource "aws_s3_bucket_policy" "example" {
  bucket = aws_s3_bucket.example.bucket

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Effect = "Allow",
        Principal = {
          AWS = aws_iam_user.example_user.arn
        },
        Action = "s3:*",
        # Bucket-level actions match the bucket ARN, object-level actions
        # match "<bucket ARN>/*". Plain references are used instead of
        # "${...}" wrapping, which terraform fmt flags as redundant.
        Resource = [
          aws_s3_bucket.example.arn,
          "${aws_s3_bucket.example.arn}/*"
        ]
      }
    ]
  })
}
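As an added example (not part of the original guide), the same bucket policy with a second statement that refuses any request made over plain HTTP, so data that is encrypted at rest by step 7 is also encrypted in transit. It must replace aws_s3_bucket_policy.example rather than sit next to it: a bucket holds exactly one policy, and two Terraform resources managing it would overwrite each other on every apply. The resource name example_tls_only and the Sid values are assumptions.

```hcl
# Added example: the page's user grant plus a TLS-only guard. Replaces
# aws_s3_bucket_policy.example.
resource "aws_s3_bucket_policy" "example_tls_only" {
  bucket = aws_s3_bucket.example.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = "AllowExampleUser"
        Effect = "Allow"
        Principal = {
          AWS = aws_iam_user.example_user.arn
        }
        Action = "s3:*"
        Resource = [
          aws_s3_bucket.example.arn,
          "${aws_s3_bucket.example.arn}/*"
        ]
      },
      {
        # An explicit Deny overrides every Allow, including the statement
        # above and the user's identity policy, whenever the request did
        # not arrive over TLS.
        Sid       = "DenyInsecureTransport"
        Effect    = "Deny"
        Principal = "*"
        Action    = "s3:*"
        Resource = [
          aws_s3_bucket.example.arn,
          "${aws_s3_bucket.example.arn}/*"
        ]
        Condition = {
          Bool = {
            "aws:SecureTransport" = "false"
          }
        }
      }
    ]
  })
}
```

The Deny uses Principal = "*" on purpose: it has to apply to every caller, including the account's own users and roles, otherwise a credential used from a misconfigured client could still move objects in the clear.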

🎉 Outputs

output "bucket_id" {
  value = aws_s3_bucket.example.id
}

output "log_bucket_id" {
  value = aws_s3_bucket.log_bucket.id
}

# No access key is created in this configuration; this output exposes only
# the IAM user's name. (If you ever output a real key, set sensitive = true.)
output "iam_user_name" {
  value = aws_iam_user.example_user.name
}

🔗 Outputs: These help you quickly reference created resources, making the setup reusable and scalable.


🎯 Highlights

  • IAM User & Policies: Granular access control.

  • S3 Buckets: Secure, organized, and scalable storage.

  • Versioning & Encryption: Data safety and compliance.

  • Logging: Enhanced auditing capabilities.

  • Lifecycle Rules: Cost-effective data management.

Happy Terraforming! 🌍

📧 Contact

For questions or feedback, reach out:

📨 Email: projects@briankimemia.is-a.dev
🌐 Portfolio: Brian Kimemia
GitHub: BrianKN019


Thank you for exploring this project! Let’s innovate and build secure AWS solutions together. 🚀